红帽全球峰会5.4. 在 GCP Marketplace 中使用安全引导配置 RHEL 实例
要确保 Google Cloud Platform (GCP)上的 Red Hat Enterprise Linux 实例有安全的操作系统引导过程,请使用安全引导。要在 GCP 上配置带有安全引导支持的 RHEL 实例,请从 GCP Marketplace 启动 RHEL 镜像,使用 Turn on Secure Boot 选项预先配置。
在安全引导选项上打开支持安全引导 选项,支持安全引导所需的统一可扩展固件接口(UEFI)引导装载程序。如果没有 UEFI,安全引导功能将无法正常工作。默认情况下,它具有带有 Microsoft 证书的允许签名数据库(db)。
先决条件
- 在 Google Cloud Platform 上有一个帐户。详情请参阅 Google Cloud Platform。
流程
- 从 Google Cloud 控制台启动公开可用的 Red Hat Enterprise Linux 实例。
安装
keyutils软件包:dnf install keyutils
$ dnf install keyutilsCopy to Clipboard Copied! Toggle word wrap Toggle overflow 在 RHEL GCP 实例中启用
Turn on Secure Boot选项:
验证
验证是否启用了安全引导:
mokutil --sb-state
$ mokutil --sb-state SecureBoot enabledCopy to Clipboard Copied! Toggle word wrap Toggle overflow 验证自定义证书的内核密钥环:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}